Effective CISSP Questions

The system administrator failed to exercise due care by neglecting the notification sent from the E-Commerce system that the RAID system was becoming corrupted. Two RAID member disks eventually failed, which disrupted E-Commerce services. Thanks to the established recovery strategy, the E-Commerce system automatically failed over to the alternative hot site in 10 minutes. Which of the following is best suited to define the recovery strategy?
A. Disaster Recovery Plan (DRP)
B. Business Continuity Plan (BCP)
C. Information System Contingency Plan (ISCP)
D. Computer Security Incident Response Plan (CSIRP)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Information System Contingency Plan (ISCP).

An ISCP is a system-specific plan that provides established procedures and key information needed for system recovery following a disruption, regardless of site or location. Some ISCPs may consider alternative sites based on the impact level of the information system. Not all incidents meet the criteria to activate the ISCP, which typically has a recovery time objective (RTO) threshold.

A DRP is primarily a site-specific plan developed with procedures to move operations of one or more information systems from a damaged or uninhabitable location to a temporary alternate location.

The BCP focuses on sustaining an organization’s mission/business processes during and after a disruption.

